>> Announcer: Live from San Francisco, it's theCUBE, covering RSA conference 2020 San Francisco, brought to you by SiliconANGLE Media. >> Hey, welcome back, everybody. Jeff Frick here with theCUBE. We're at the RSA 2020 show, here in Moscone in San Francisco, it's Thursday, we've been going wall to wall, we're really excited for our next guest. We've been talking about some kind of interesting topics, getting a little bit into the weeds, not on the technology, but some of the philosophical things that are happening in this industry that you should be thinking about. And we're excited welcome, Laurence Pitt, he is the cyber security strategist at Juniper Networks. Laurence, great to meet you. >> Thank you very much, hi. >> Yeah, so before we turn the cameras off, we've been talking about all kinds of fancy things, so let's just jump into it. One of the topics that gets a lot of news is deepfakes, and there's a lot of cute funny things out there of people's voices and things that they're saying not necessarily being where you expect them to be, but there's a real threat here, and a real kind of scary situation that just barely beginning to scratch the surface, I want you to get share some of your thoughts on deepfakes. >> I'm going to think you made a good point at the start. There's a lot of cute and funny stuff out there, there's a lot of fake political stuff you see. So is it seen as being humorous some people are sharing it a lot. But there is a darker side that's going to happen to deepfakes, because a lot of the things that you see today that go out on video, the reason that it is what it is, is because you're very familiar with the person that you're seeing in that video. Is a famous politician, is a movie star, and they're saying something that's out of character or funny and that's it. But what if that was actually the Chief Financial Officer of a major company, where the company appears to have launched a video, very close to the bell ringing on the stock market, that makes some kind of announcement about product or delay or something to do with their quarterly figures or something like that? You know that one minute video, could do a huge amount of damage to that organization. It could that somebody's looking to take advantage of a dip at that point, video goes out, their stocks going to dip, buy it out, then they could profit, but it all could also be much darker. It could be somebody who's trying to do that to actually damage their business. >> So, would you define a very good text base phishing spear phishing as a deepfake, where they've got enough data, where they're, the relevance of the topic is so spot on, the names that are involved in the text are so spot on 'cause they've done their homework, and the transactions that they're suggesting, are really spot on and consistent with the behavior of the things that their target does each and every day. >> So I'm not sure I defined that as a deepfake yet, obviously you've got two types of a phish, you've got a spear phish, which is the the perfected version, the work has gone into target, you as a specific, high value individual for some reason in your organization, but what we are seeing is in the same way that deepfakes are leveraging technology to be able to manipulate somebody, things like the fact that we're all on Instagram, we're all on Facebook, we're all on Twitter, means that social manipulation is a lot easier for the bad guys to be able to create, phishing campaigns that appear to be very much more targeted, they can create emails because they know you've got a dog. They know roughly where you live, because you're this information is coming up in pictures and it's a metro on the internet. And so they can generate automated messaging and emails and things that are going to go out. That will appear to be from whomever you expect to receive it from, using words that you think that only they would know about to make that appear to be more realistic. >> Right. >> And that's actually something, we sort of seen the start of that, but still the thing to spot is that the grammar is very often not very good in these if they haven't perfected the language side of it. >> But that's coming right, but that's coming right. >> But they all getting much more accurate yeah. >> We is an automated transcription service to do all the transcription on these videos. And you know, It's funny you can you can pay for the machine or you can pay for the human, we do both. But it's amazing, even only in the last six months to see the Delta shrink between the machine generated and the person generated. And this is even in, you know, pretty technical stuff that we get in very specific kind of vocabulary around the tech conferences that we cover. And the machines are catching up very, very fast. >> They very much are. but then if you think about, this is not new. What's happened, it's been happening in the background for a while things like quite a lot of legal work is done. If you look at a state agency, for example, conveyancing it's not uncommon for the conveyancing to be done using machine learning and using computer generated documentation because it's within a framework. But of course, the more it does that, the more that it learns. And then that software can more easily be applied to other other areas to be able to do that accurately. >> Right. So another big topic that gets a lot of conversation is passwords. You know, it's been going on forever, and now we're starting to get The two factor authentication, you know, the new Apple phones, you can look at it and identify it, you say now you have kind of biometrics. But that can all be hacked, too, right? It's just a slightly different, a slightly different method. But, you know, even those, the biometric is not at all. >> Well. >> That's secure. >> I think the thing is, you see that when you're logging into something, there's two pieces of information you need. There's there's what you are you as a person and then there's the thing that you know, a lot of people confuse biometrics, thinking of biometric authentication is their password, we're actually the biometric is is the them. And so you still should back things with strong passwords, you still should have that behind it. Because if somebody does get through the biometric that shouldn't automatically just give them access to absolutely everything. It's you know, these are technologies that are provided to make things easier to make it so that you can have less strong passwords so that so that you do know where you're storing information. But People over people tend to rely on them too much, it is still very, very important to use strong passwords to think about the process for how you want to do that. Taking statements and then turning those statements into strange sentences that only you understand maybe having your own code to do that conversion. So that you have a very strong password that nobody's ever going to pick up, right? We know that common passwords, unfortunately, are still 1234567 password, its horrific. >> I know, i saw some article that you're quoted in and it had the worst 25 passwords for 2018 and 2019. And it's basically just pick and pick a string. >> They just don't change. >> But you know, but it's interesting cause, you know, having a hard Prat, you know, it's easy to make, take the time and go ahead and create that, that that strong password. But then, you know, three months later. Salesforce keeps making me do a new one or the bank keeps making me do a new one. What's your opinion in some of these kind of password managers? Because to me, it seems like okay, well, I might be doing a great job creating some crazy passwords for the specific accounts. But what if I could hacked on that thing right now they have everything in the same a single place. >> Yeah. So this is where things like two factor authentication become really, really important. So I use passwords manager. And I've been I'm very, very careful with the how my passwords are created and what goes in there so that i know where certain passwords are created for certain types of account and certain complexities. But I also turned on two factor. And if somebody does try to go into my online password account, I will get an alert to say that they've tried to do that a single failed authentication and I will get an alert to say that they've done it an authentication that happens where I'm not I you know, then I will get a note say I've done that. So this is where there's that second factor actually becomes very important. If you have something that gives you the option to use two factor authentication. Use it. >> Use it. >> You know, it may, you know, we it is a pain when you're trying to do something with your credit card and you have to do One time text. But it'd be more of a pain if you didn't and somebody else was to use it. And to fill it up nicely for you wouldn't right. >> Right. You know, it's funny part of the keynote from Rowan was talking about, you know, as a profession, spending way too much time thinking about the most kind of crazy bizarre, sophisticated attacks. At the at the fault of, you know, not necessarily paying attention to the basics and the basics is where still a lot of the damage was done right. >> You know what? This is the thing and then there's, you know, there's a, there's a few things in our industry. So exactly what you just said. Everybody seems to believe that they're going to be the target of the next really big complex, major attack. The reality is they aren't. And the reality is that they've been hit by the basic slight ransomware, phishing spearphishing credential stuffing all these attacks are hitting them all the time. And so they need to have those foundational elements in place against those understanding what those are and not worry about the big stuff because the reality is if your organization is going to be hit by a nation state level complex attack. Or you can do fight against that as well, it's going to happen. And that's the thing with a lot of the buzzwords that we see in in cyber today as Matt. >> And and with smaller companies SMB's, I mean is really their only solution to go with, you know, cloud providers and other types of organizations and have the resources to get the people and the systems and the processes to really protect them because you can't expect you to just flowers down down off fourth street to be have any type of sophistication needed. But as soon as you plug that server in with a website, you're instantly going to get, get attacked , right. >> So the thing is, you can expect that, that guy to be an expert. He's not going to be an expert in cybersecurity and the cost of hiring someone is going to outweigh the value who's getting back. My recommendation that case is to look for organizations that can actually help you to become more cyber resilience. So an organization that I work with, it's actually UK and US basis, the global cyber alliance. They actually produce a small business toolkit. So it's a set of tools which are not chargeable is put together. And some of it might be a white paper, a set of recommendations, it might actually be a vendor developed tool that they can use to download to check the vulnerabilities or something like that. But what it does is it provides a framework for them. So they go through and say, Okay, yeah, I get this. This is English, simple language. And it helps to protect me as a small business owner, not a massive enterprise where actually none of those solutions fits what i one's to. So that's my recommendation to small businesses, look for these types of organization, work with someone like that, listen to what they're doing and learn cyber from them. >> Yeah, that's good tip. I want to, kind of of double click on that. So that makes sense when it's easy to measure your ROI on a small business. I just can't afford the security pros. >> Yeah. >> For bigger companies when they're doing their budgeting for security. To me, it's always a really interesting as i can, it's insurance at some point, you know, wouldn't be great if i could ensure 100% coverage, but we can't. And there's other needs in the business beyond just investing in, in cyber security, how should people think about the budgets relative to, as you just said, the value that they're trying to protect? How do you help people think about their cyber security budgets and allocations. >> So then there needs to be and this is happening, a change in how the conversation works between the security team and the board who own those budgets. What tends to happen today is that there's a cyber team wants to provide the right information to the board that's going to make them see how good what they're doing is and how successful they are and justifies the spend that they've made and also justifies the future investments that they're going to need to make. But very often, that falls back on reporting on big numbers, statistics, we blocked billions of threats. We turned away millions of pieces of malware. Actually, that conversation needs to narrow down and the team should be saying, Okay, so in the last two months, we had Five attacks that came in, we actually dealt with them by doing this, this is the changes that we've made, this is what we've learned. However, if we had had this additional or this switched on, then we would have been more successful or we'd have been faster or we could have turned down the time on doing that. Having that risk and compliance type conversation is actually adding value to the security solutions they've got and the board understand that they get that conversation, you're going to be happy to engage. This is happening, this is something that is happening. And it will, it's going to get better and better. But that's that's where things need to go. >> Right. Cause the other hard thing is it's kind of like we've joked earlier, it's kind of like an offensive lineman, they do a great job for 69 plays. And on the seventh seventh play, they get a holding call. That's all anybody sees . And you know, there's, again, that was part of robots, keynote that we can't necessarily brag about all the DDoS taxes that we stopped cause we can't let the bad guys kind of know where we're, we're being successful. So it's a little bit of a challenge in tryna show the ROI. Show the value when you can't necessarily raise your hand and say, hey, we stopped the 87. Tax. >> Yeah, >> Cause it's only the 88. That really is the one that that showed up in the Wall Street Journal. >> I think the thing with that is when organizations are looking at security solutions, specifically, we're very aware of that. As you know, organizations struggle to get customer references, you'll see a lot of the references are major financial, large manufacturing organization, because companies don't want to step up and say, I implemented security, they did this because the reverse of that is, she didn't have it before then >> Right right, or we'll go in that door not that door. >> Yeah and so, but there are a lot of good testing organizations out there that actually do take the security solutions, and run them through very, very stringent tests and then report back on the success of those tests. So you know, we work closely with NSX labs, for example, we've had some very good reports that have come out from there, where they do a drill down into how fast how much, how many, and then that's the kind of You can then take to the board. That's the kind of thing that you can publicize to say, the reason that we're using Juniper X or x firewalls is because in this report, this is what it said, this is how good that product was. And then you're not admitting a weakness. You're actually saying we're strong because we did this work in this research background. >> Right, very different kind of different approach. >> Yeah, yeah. >> Yeah well, Lawrence really enjoyed the conversation. We'll have to leave it here. But I think you have no shortage of job security, even though we will know everything in 2020 with the benefit of hindsight. >> Really, yeah thank you very much for that. >> All right. Thanks a lot. Alright, he's Lawrence. I'm Jeff. You're watching the cube. We're at RSA 2020 in Moscone. Thanks for watching. We'll see you next time.

>> Live from San Francisco. Its The Cube. Covering IBM Think 2019. Brought to you by, IBM. >> Okay, welcome back everyone, live here in The Cube here in San Francisco, exclusive coverage of IBM Think 2019. I'm John Furrier and Stu meeting next guest is Calline Sanchez, Vice President of IBM Systems Labs Services. New role for you, welcome back to the cube. >> Yes. Thank you for asking me back. >> So the new role, Vice President of the Systems Lab Services. Sounds super cool, sounds like you got a little lab in there, a little experimentation >> yeah think of it as a sandbox for geeks worldwide. And what that means is we enable high performance computing deployments as well as what we do with blockchain and also artificial intelligence. >> So its a play ground for people that want to do some big things, solve big problems, what are some of the things that you offer, just take us through how it works. Do I just jump in online, is it a physical location? What's it like ? In 2018 9000 plus engagements worldwide in 123 countries. So to net it out is, it's not necessarily a single lab or a single garage, we have multiple locations and skills worldwide to enable these engagements. >> How big is the organization roughly? Its over a thousand folks, consultants who are smart and capable. >> We had a conversation yesterday with Jamie Thomas, talking about, from a super computer stand point, now IBM's reclaimed the top couple of positions there and from a research stand point, David Floyer from our team has been talking for years about how HPC architectures are really going to permeate what happens in the industry and I think about distributed architectures, it all seems to go back to what people in the HPC environment lived in. You've got background in that, you worked for one of the big labs, explain how this has come from something some government lab used to do to something that now many more companies around the globe are leveraging. >> Before IBM I worked at Sandia National Laboratories and the reason why I chose to work with these awesome skills worldwide in lab services is that I wanted to be part of the cool group, so to speak. So they were doing work in deployments with Oak Ridge National Laboratories and also Laurence Lilvermore. So you'll hear (inaudible) with Laurence Livermore speak on stage about some of the relevance associated with high performance computing and why were number 1. So, to get to our question it's cool to be back online with what I could say, high performance computing deployment. We are the mechanics so to speak in this organization. Similar to what we do with formula 1, people who put on the tires, add the air and also enable the cars to move around. Well without them, guess what? Things don't move around. >> So you guys work on the high performance systems, you got quantum coming around the corner, you got AI front and center so you guys are like the hot shots. You come in, you build solutions with what's in the tool chest, if you will with IBM, is that right ? >> correct You're 100% correct. I will say it in my mind, we make things real. We deploy and implement strategic technologies worldwide for the benefit of our end users and we do that also with our partners. >> Give an example of an engagement you guys have had that's notable, that's worth sharing. >> Recently, this was a really exciting area a Smarter Cities with Kazakhstan. And so heres this independent city that works on basically AI for filming things whether its a security thing recognizing certain faces, deployments associated with weapons etc. And they were able to secure safety based on the film, films that they've taken, those assets. Now the other aspect is managing safer traffic. So even the president of Kazakhstan felt it was extremely relevant that we helped him deploy and he comes back to one of our European leaders saying, hey we need more of this and we want it to be extensive, we want to scale this opportunity. >> Talk about the philosophy's you guys are deploying because it sounds like its a... you said sandbox, when I think sandbox I think you do prototypes, I'm thinking about cool stuff, building solutions and that kind of brings this whole entrepreneurial creation mindset. Do you guys have like a design thinking methodology, is there things you're bringing to the table what else is involved besides the sandbox? >> You are correct. We have a very key component of design thinking. There's a CTO that reports to me directly who leads our overall design thinking and so that's a key component of what we do worldwide. Now as far as... We also enable incubation of technologies. So it's like what we intend to do with IBM Cube, What we intend to do with blockchain on system Z. So with these things we have garages worldwide to deploy or incubate the technology. >> What's the coolest thing you've worked on so far? Or the team's worked on? >> That's really hard to say 'cause there's so much. >> It's like picking a favorite child. >> Yeah, it's like I have way too many. So I was - >> You mention blockchain. I like blockchain. Blockchain, are you in healthcare, is it more, is there certain industries that are popping out for you guys? >> So healthcare is an example but I have seen it in the telecom area as well as other industries in general. So we have 11 industries in which we serve. >> How about AI? We're always trying to understand where customers are, how they're really moving things forward, to understand that that HPC architecture is a foundational layer for many customers to help deploy AI. Where are customers starting to make progress ? Give us some of the vibe you're feeling from customers out there. >> So its exciting with AI right now because we have Power Vision that allows us as any of us to actually exploit, utilize and play with, so to speak. So from my perspective that is what's nice, is that you can enable opportunities with the consumer market and learn. Similar to what we do with, and for instance, I am jumping around here, IMB Cube. Where users can actually become a user and start evaluating algorithms in order to enable this really amazing technology as in IB Cube. >> That was always the promise of big date, is that we should be able to leverage our data and get the average business user to do it. So it sounds like AI will continue that trend. >> Correct. So in prior rule, I talked to all of you about big data storage, right and replication. So now what's amazing about the conversations is that they've transcended. Its like, here you're looking to manage these large data warehouses, when, what do you do with the data? How's it monetized, how is it used in order to solution what's possible. >> What is the goal of the organization, next 6 months, year, what's the charter, what's your key performance indicators, how do you guys measure success, client engagements, onboarding people, what is the business objectives? >> So we look at the number of engagements, we also look at educational services worldwide for instance I will be in Cairo, Egypt next week to work on specific things that are going on in Mia in order to enable this next growth market so to speak. What in addition we do to measure ourselves, utilization, classic services organization view of the world. So we also evaluate what we can do with revenue, profit and our understanding of growth and we really believe the focus is these growth technologies. >> Is there a criteria if I wanted to get involved, just say I am a customer, prospect, wow, I really want to get into this design thinking, got these labs, coolest labs services, I want to play with the cutting edge technologies, how do I get involved? Is there a criteria open to all or how does it work? >> In addition to IBM Systems Labs Services, I have technical universities and we actually run technical universities worldwide for end users, clients as well as what we do with partners and IBMers. And this is important because we're able to then discuss, talk, collaborate with SME's across multiple areas of technology. So its a very good question and very important that I mention the technical universities. >> Are there certifications along that line? What are some of the hot skill sets that people are looking to learn about ? >> It circles right back to your last question, AI. With regards to how we certify folks as well as we, in essence, they get enough training in boot camps in order to get badges. >> So their certification, they just pass the touring test and then they're okay. >> correct. Well. (laughs) I don't know about the touring test so to speak. >> So is there a website on IBM.com, is there like a URL as in like labservices.ibm.com? >> I personally like the look at twitter where you can do a search on IBM Lab Services or Tech U. >> Tech U. And screening, how big is that focus, used a lot of video, is it collaborative tooling is it face to face, virtual, how do you guys do the training, all the above? >> Unfair, I was going to say all of the above. (laughs) It depends. (laughs) Giving that classic response, our favorite is video blogs. What we can do in social media with the YouTube channels etc. to get our opinions or our voice out with regards to key technologies. >> Well great, make sure you let us know what those channels are and we'll promote them, get that metadata out there, of course The Cube loves to collaborate. And thanks for coming on and sharing. >> I appreciate it and I will definitely take a sticker and put it on my laptop. >> Calline Sanchez, Vice President of the new IBM Systems Lab Services. A lot of opportunities to get in the worldwide sandbox and put the sluices together from blockchain to cutting edge AI. Your live coverage here at San Francisco at IBM Think, I'm (inaudible) stay with us for more coverage after this short break. (lively music)